ALT-BU-2025-16341-5

Branch p11 update bulletin.

Package sane updated to version 1.4.0-alt2 for branch p11 in task 403171.

package systemd socket/service configs

new version

Package wine-cpcsp_proxy updated to version 0.7.7-alt1 for branch p11 in task 403701.

wine-cpcsp_proxy: поддержка wow64

Package php8.3 updated to version 8.3.29-alt1 for branch p11 in task 403545.

Уязвимость объектно-ориентированного прикладного программного интерфейса PDO интерпретатора языка программирования PHP, позволяющая нарушителю вызвать отказ в обслуживании

Severity: LOW (3.7)Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Severity: LOW (2.6)Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P

References:

CVE-2025-14180

Уязвимость функции php_read_stream_all_chunks языка программирования PHP, позволяющая нарушителю получить доступ к конфиденциальным данным

Severity: LOW (3.7)Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

References:

CVE-2025-14177

Уязвимость функции php_array_merge_wrapper языка программирования PHP, позволяющая нарушителю нарушить целостность данных, а также вызвать отказ в обслуживании

Severity: MEDIUM (6.5)Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

Severity: MEDIUM (6.1)Vector: AV:N/AC:H/Au:N/C:N/I:P/A:C

References:

CVE-2025-14178

In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, the getimagesize() function may leak uninitialized heap memory into the APPn segments (e.g., APP1) when reading images in multi-chunk mode (such as via php://filter). This occurs due to a bug in php_read_stream_all_chunks() that overwrites the buffer without advancing the pointer, leaving tail bytes uninitialized. This may lead to information disclosure of sensitive heap data and affect the confidentiality of the target server.

Severity: HIGH (7.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: MEDIUM (6.3)Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

References:

https://github.com/php/php-src/security/advisories/GHSA-3237-qqm7-mfv7

In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, a heap buffer overflow occurs in array_merge() when the total element count of packed arrays exceeds 32-bit limits or HT_MAX_SIZE, due to an integer overflow in the precomputation of element counts using zend_hash_num_elements(). This may lead to memory corruption or crashes and affect the integrity and availability of the target server.

Severity: HIGH (8.2)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

References:

In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1 when using the PDO PostgreSQL driver with PDO::ATTR_EMULATE_PREPARES enabled, an invalid character sequence (such as \x99) in a prepared statement parameter may cause the quoting function PQescapeStringConn to return NULL, leading to a null pointer dereference in pdo_parse_params() function. This may lead to crashes (segmentation fault) and affect the availability of the target server.

Severity: HIGH (7.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: HIGH (8.2)Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

References:

https://github.com/php/php-src/security/advisories/GHSA-8xr5-qppj-gvwj

Package php8.2 updated to version 8.2.30-alt1 for branch p11 in task 403712.

Severity: LOW (3.7)Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Severity: LOW (2.6)Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P

References:

CVE-2025-14180

Severity: LOW (3.7)Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

References:

CVE-2025-14177

Severity: MEDIUM (6.5)Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

Severity: MEDIUM (6.1)Vector: AV:N/AC:H/Au:N/C:N/I:P/A:C

References:

CVE-2025-14178

Severity: HIGH (7.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

https://github.com/php/php-src/security/advisories/GHSA-3237-qqm7-mfv7

Severity: HIGH (8.2)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

References:

Severity: HIGH (7.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

https://github.com/php/php-src/security/advisories/GHSA-8xr5-qppj-gvwj

Package nextcloud-client updated to version 4.0.4-alt1 for branch p11 in task 404007.

Nextcloud Desktop is the desktop sync client for Nextcloud. Prior to 3.16.5, when trying to manually lock a file inside an end-to-end encrypted directory, the path of the file was sent to the server unencrypted, making it possible for administrators to see it in log files. This vulnerability is fixed in 3.16.5.

Severity: LOW (2.7)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

References:

Собрать свежую версию Nextcloud-client и зависимые пакеты для gnome

Package glpi updated to version 10.0.22-alt1 for branch p11 in task 404026.

Уязвимость системы заявок, инцидентов и инвентаризации компьютерного оборудования GLPI связана с недостатками контроля доступа, позволяющая нарушителю повысить свои привилегии

Severity: HIGH (7.5)Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: HIGH (7.8)Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

References:

CVE-2025-64516

Уязвимость системы заявок, инцидентов и инвентаризации компьютерного оборудования GLPI связана с недостатками процедуры авторизации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: MEDIUM (4.3)Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Severity: MEDIUM (4.0)Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

References:

CVE-2025-64520

Уязвимость системы заявок, инцидентов и инвентаризации компьютерного оборудования GLPI, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю выполнить произвольный код1

Severity: MEDIUM (6.5)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Severity: HIGH (7.8)Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

References:

CVE-2025-59935

GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.21, an unauthenticated user can store an XSS payload through the inventory endpoint. Users should upgrade to 10.0.21 to receive a patch.

Severity: MEDIUM (6.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References:

https://github.com/glpi-project/glpi/security/advisories/GHSA-j8vv-9f8m-r7jx

GLPI is a free asset and IT management software package. Prior to 10.0.21 and 11.0.3, an unauthorized user can access GLPI documents attached to any item (ticket, asset, ...). If the public FAQ is enabled, this unauthorized access can be performed by an anonymous user. This vulnerability is fixed in 10.0.21 and 11.0.3.

Severity: HIGH (7.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.21, an unauthorized user with an API access can read all knowledge base entries. Users should upgrade to 10.0.21 to receive a patch.

Severity: MEDIUM (4.3)Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

References:

Package php8.2-soap updated to version 8.2.30-alt1 for branch p11 in task 403712.